Invisible authentication for mobile applications
RSA announced the release of software developer kits (SDKs) designed for mobile application developers to seamlessly integrate strong one-time password (OTP) or risk-based authentication into mobile applications without the need for a separate authentication device.
Software developers now have the ability to build additional layers of security and access control into mobile applications for leading mobile device platforms including Android devices, Blackberry devices and Apple iOS through the integration of RSA’s SecurID and Adaptive Authentication solutions.
RSA has developed an API that is designed to enable end users to seamlessly authenticate through mobile applications with the RSA SecurID software token. However, instead of prompting the user to manually enter the one-time token code, the mobile application integrated with the RSA SecurID solution does this automatically. The same software token can still be outside the mobile application for traditional authentication tasks, for instance, if the user also needs a one-time password to access an online application from a personal computer such as a VPN or web portal.
“This is one of our most innovative implementations of the RSA SecurID software token because it is optimized to run in mobile apps in a manner that makes the strong authentication completely hidden from the user,” said Sam Curry, CTO, Identity and Data Protection at RSA. “Users can securely access a mobile app with their familiar username and PIN while the strong authentication happens in the background. It’s a great example of providing stronger security without sacrificing the simple user experience required in good mobile apps.”
The use of RSA SecurID software tokens helps decrease total cost of ownership for organizations as they don’t require any physical shipping, can be revoked and automatically redeployed, eliminating the need for replacement tokens. Additionally, having the software authenticator embedded in the mobile device to be used for secure access to multiple applications can help reduce the number of costly technical support calls for misplaced tokens.
RSA Adaptive Authentication is a risk-based authentication and fraud detection platform used by more than 10,000 organizations worldwide for authentication of more than 300 million users through risk indicators powered by the RSA Risk Engine, such as device identification, geo-location, behavioral profiling, and fraud data from the RSA eFraudNetwork community.
It is engineered to be embedded into mobile applications to help protect both login and post-login user activities by measuring risk indicators to identify high-risk and suspicious activities. Popular use cases include protecting mobile access to online banking, e-commerce, private portals and VPNs.
RSA SecurID Mobile SDKs are now available for leading mobile platforms including iPhone and iPad devices, Android devices, Symbian platform, Windows Mobile 6.x platform, Java ME platform.